Dual WAN uplinks for resilience are a common request when configuring small business routers. I’ll work with the topology below and go through the configuration. The only devices I’ll be going over are R1 and PC1. In the real world, the rest would be out of your control anyway. I’ll include the GNS3 project file at the end of this post if you would like to play with it.

The first thing we need to do is configure the interfaces of the two ISP connections.

Next we’ll configure our routes via both ISPs. To make the failover work we need to track some objects on the primary connection. This will make failover occur if the internet connection goes down. I would advise you to track reachability of a couple of hosts to avoid failing over if somebody else is having an issue. I would also advise against tracking the next hop, as an issue within the ISP network wouldn’t cause failover to occur but may prevent you from reaching the internet.

We do this using ip sla to two different known hosts (I used Google’s public DNS servers for this demo).

    icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0
    ip sla schedule 100 life forever start-time now
    icmp-echo 8.8.4.4 source-interface GigabitEthernet0/0
    ip sla schedule 101 life forever start-time now

Next we create two track objects to monitor the IP SLAs for reachability. Then a track object to track the first two objects. By using the boolean or option, the track will go down if all of the tracked objects go down but will not if only one goes down.

Now we will add our default routes via both ISPs. The ISP1 default route is tied to the track 105 object, so it is added to the routing table only while ISP1 is up. Otherwise the ISP2 route, which we add with a metric of 10, is used.

That should be the routing done. Now we need to configure NAT to allow the LAN clients to access the internet.

We’ll create an access list to define the LAN traffic that should be translated. And we’ll use some route-maps to match the LAN traffic on the outside interfaces for translation. And finally, the NAT configuration commands.

    ip nat inside source route-map RM-NAT-ISP1 interface GigabitEthernet0/0 overload
    ip nat inside source route-map RM-NAT-ISP2 interface GigabitEthernet1/0 overload

Verification

If we ping from PC1 to 8.8.8.8, the ping should succeed.

    Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 48/85/196 ms

You can also perform a traceroute from PC1 to 8.8.8.8 to verify the route the traffic takes.

    VRF info: (vrf in name/id, vrf out name/id)

You can use show ip nat translations on R1 to verify the NAT translations over ISP1.

    Pro Inside global      Inside local       Outside local      Outside global

Now, if we suspend a link connected to the ISP1 route, it doesn’t matter which one, our topology should fail over.

The first thing you should notice is the track objects going down on R1.

    *Feb 13 21:44:29.835: %TRACKING-5-STATE: 105 list boolean or Up->Down

And the default route on R1 should have changed to ISP2.

And if we repeat the same ping and traceroute from PC1 to 8.8.8.8, they should still work fine, but the route should show ISP2 as the second hop instead of ISP1.

    Success rate is 100 percent (5/5), round-trip min/avg/max = 28/56/84 ms

Show ip nat translations on R1 should also show the NAT translations to ISP2 now.
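The track objects, tracked default routes and NAT route-maps described in the post, written out as an added IOS configuration sketch (not the original author's configuration). The track numbers 100 and 101, the next-hop addresses, the ACL name and the LAN subnet are assumptions; track 105, the value 10, the route-map names and the interface names come from the post.

```cisco
! Added example: values marked ASSUMED are not from the original post.
! Track objects 100 and 101 (ASSUMED numbers) follow IP SLA probes 100 and 101.
track 100 ip sla 100 reachability
track 101 ip sla 101 reachability
!
! Track 105 stays Up while at least one probe is reachable (boolean or),
! so a single unreachable test host does not trigger failover.
track 105 list boolean or
 object 100
 object 101
!
! Primary default route via ISP1, installed only while track 105 is Up.
! 203.0.113.1 is an ASSUMED placeholder for the ISP1 next hop.
ip route 0.0.0.0 0.0.0.0 203.0.113.1 track 105
!
! Backup default route via ISP2, using the value 10 given in the post.
! 198.51.100.1 is an ASSUMED placeholder for the ISP2 next hop.
ip route 0.0.0.0 0.0.0.0 198.51.100.1 10
!
! LAN traffic eligible for translation (ASSUMED ACL name and subnet).
ip access-list standard ACL-NAT-LAN
 permit 192.168.1.0 0.0.0.255
!
! One route-map per uplink: both the LAN source and the egress interface
! must match, so each flow is translated to the address of the uplink it leaves on.
route-map RM-NAT-ISP1 permit 10
 match ip address ACL-NAT-LAN
 match interface GigabitEthernet0/0
!
route-map RM-NAT-ISP2 permit 10
 match ip address ACL-NAT-LAN
 match interface GigabitEthernet1/0
```

On R1, show track 105 and show ip route 0.0.0.0 confirm the state of the track object and which default route is currently installed.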